Computer Technology and Development, 2024, Vol. 34, Issue (10): 84-92, 9. DOI: 10.20165/j.cnki.ISSN1673-629X.2024.0165
Fuzzing of Network Protocol Based on Multiple Strategies of Feedback and Evolution
Abstract
Network protocols are the basis of Internet communications, and security issues in them may expose a large number of networked devices to catastrophic risks. Network protocols cover various layers and types, and each layer has its own characteristics and purposes. Mining vulnerabilities in protocol implementations is a challenging task in computer security. We propose a black-box fuzzing scheme for multiple public or private network protocols, which can discover vulnerabilities in protocol implementations without knowledge of code or specifications. The proposed method automatically performs protocol learning and feature extraction for a variety of network protocols from the physical layer to the application layer, and generates efficient test cases according to the results. In addition, multiple feedback strategies, such as status feedback, weight feedback, and machine learning, are designed to improve the effectiveness of test cases. Furthermore, technologies such as taint analysis and execution flow tracking are used to monitor the process and results of test execution on the tested target, making the test results more accurate and improving the accuracy of vulnerability mining. To evaluate the effectiveness of the proposed method, we design and implement a fuzzing prototype system, and several unknown security vulnerabilities in protocol implementations are detected. Furthermore, in a performance comparison with other schemes, the proposed method outperforms them in multiple dimensions of efficiency variation.
Key words
network protocol / vulnerability mining / fuzzing / status feedback / weight feedback / machine learning
Classification
Information Technology and Security Science
Cite this article
ZHONG Hong, XIA Yunhao, ZHANG Jinxin, MA Zhiyuan. Fuzzing of Network Protocol Based on Multiple Strategies of Feedback and Evolution [J]. Computer Technology and Development, 2024, 34(10): 84-92, 9.
Funding
National Natural Science Foundation of China (U23B2003)
Key-Area Research and Development Program of Guangdong Province (2020B0101120003)